CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE
A newly disclosed critical vulnerability in the Sneeit Framework — a widely used WordPress plugin powering premium themes such as FlatNews — is being actively targeted in the wild. Assigned CVE-2025-6 ...
-
Daily CyberSecurity
High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default
HashiCorp has released an important security advisory addressing a misconfiguration flaw in the Vault Terraform Provider that could allow attackers to authenticate to Vault without valid credentials w ...
-
Daily CyberSecurity
Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection
The Akamai Security Intelligence and Response Team (SIRT) has uncovered a previously undocumented — and still widely exploitable — unauthenticated command-injection vulnerability in legacy Vivotek IP ...
-
Daily CyberSecurity
CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover
A newly disclosed vulnerability in R.V.R Elettronica’s TEX broadcast hardware has been assigned CVE-2025-63207, scoring 9.8 Critical on the CVSS scale. Security researcher Mohamed Shahat has revealed ...
-
Daily CyberSecurity
ToddyCat APT Steals Microsoft 365 Cloud Email by Dumping OAuth Tokens from Memory and Copying Locked OST Files
Kaspersky Lab has published new findings revealing how the ToddyCat APT group has significantly upgraded its cyber-espionage toolkit to infiltrate corporate email systems—both on-premises and in the c ...
-
Daily CyberSecurity
China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor
A newly published report from CyberArmor has uncovered a months-long espionage campaign targeting government and media organizations across Southeast Asia. The operation—codenamed “Autumn Dragon”—is a ...
-
The Cyber Express
CISA Adds Oracle Identity Manager Vulnerability to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities database after the SANS Internet Storm Center ...
-
CybersecurityNews
PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks
A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed c ...
-
The Register
Years-old bugs in open source tool left every major cloud open to disruption
A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain ...
-
The Hacker News
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that coul ...